Question
-
CreatorTopic
-
May 11, 2008 at 6:57 pm #2146245
NTOSKRNL – Sygate FW
Lockedby bladeofudun · about 15 years, 10 months ago
I am using Sygate Personal Firewall and I have been getting a large number of alerts about ntoskrnl. I have just updated to XP Service Pack 3. Should I be concerned?
Topic is locked -
CreatorTopic
All Answers
-
AuthorReplies
-
-
May 11, 2008 at 6:57 pm #2461838
Clarifications
by bladeofudun · about 15 years, 10 months ago
In reply to NTOSKRNL – Sygate FW
Clarifications
-
May 11, 2008 at 7:39 pm #2459840
I think you are OK
by rob miners · about 15 years, 10 months ago
In reply to NTOSKRNL – Sygate FW
After SP3 Virus test result AVG
Partition table (MBR) C: = Changed
Boot sector of disk C: = Changed
C:\windows\system32\kernel32.dll C: = Changed
C:\windows\system32\wsock32.dll C: = Changed
C:\windows\system32\user32.dll C: = Changed
C:\windows\system32\shell32.dll C: = Changed
C:\windows\system32\ntoskrnl.exe C: = Changed-
May 12, 2008 at 7:20 pm #2564120
Unblock?
by bladeofudun · about 15 years, 10 months ago
In reply to I think you are OK
So should I unblock it to make sure it does whatever it needs to be do?
-
May 13, 2008 at 10:09 pm #2564684
From
by rob miners · about 15 years, 10 months ago
In reply to Unblock?
what I have been seeing on other forums the quick fix is to remove Sygate and reinstall, as it is a known problem with Sygate. Some of your settings may have been upset when you installed SP3. It shouldn’t need access to the internet so keep blocking it.
In Options there is an option to Hide Notification Messages.
-
-
-
May 11, 2008 at 7:58 pm #2459832
This is a description of NTOSKRNL. EXE
by oh smeg · about 15 years, 10 months ago
In reply to NTOSKRNL – Sygate FW
Windows errors related to ntoskrnl.exe?
ntoskrnl.exe is a critical process in the boot-up cycle of your computer although should never appear in Win Tasks whilst under normal circumstancesNote: ntoskrnl.exe can be altered by the w32.bolzano and variants. If this process appears in Win Tasks, please update your virus definitions immediately.
So unless you have a listing in Win Tasks or Running Processes there isn’t a problem but a scan with a updated AV Product will not hurt.
Col
-
May 12, 2008 at 7:19 pm #2564121
Right…
by bladeofudun · about 15 years, 10 months ago
In reply to This is a description of NTOSKRNL. EXE
Do you realize how many times I’ve come across that description… word for word or close enough as to make no never mind?
-
May 13, 2008 at 7:00 am #2563953
Well it should tell you something
by oh smeg · about 15 years, 10 months ago
In reply to Right…
This process is only used by Windows to startup not to run Windows. It is also an Attack Vector to exploit Windows.
Personally if I was seeing this reported I would be scanning my computer as I would expect it to be compromised if it was occurring while running. If it is only occurring on the startup it’s not an issue but if it is constantly occurring while running there is a potential problem there that needs looking at.
The reason that the description above is so wide spread is because it’s simple and accurate. As I don’t have access to the machine in question all I can do in relation to the question asked of [b]Is This a Problem[/b] is reply with a description of what the process does and that it is a Native Windows Process that can be compromised. If the system tests as clean I still wouldn’t be unblocking ports to allow it to do it’s thing but if other Windows Processes need that port unblocked I may seriously consider unblocking that port. It depends on what is happening and what is making the calls. But as to should I be worried I really don’t know you have to make that decision and I’m trying to give you accurate Information to help you make whatever decision you eventually come to.
Col
-
May 16, 2008 at 7:36 am #2564281
Thanks
by bladeofudun · about 15 years, 10 months ago
In reply to Well it should tell you something
Thanks for the advice, I’m thinking I will either reinstall Sygate or switch that computer over to Comodo as well.
-
-
-
-
AuthorReplies